update to 2.0.2b

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1337 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-05-18 14:30:22 +00:00 · 2004-05-18 14:30:22 +00:00 · 12e1ed1375
commit 12e1ed1375
parent a546817aa6
4 changed files with 89 additions and 43 deletions
--- a/Lrp2/etc/shorewall/shorewall.conf
+++ b/Lrp2/etc/shorewall/shorewall.conf
@ -225,7 +225,7 @@ SHOREWALL_SHELL=/bin/sh
 # use lock files, set this to "".
 #

-SUBSYSLOCK=/var/run/shorewall
+SUBSYSLOCK=/var/lock/subsys/shorewall

 #
 # SHOREWALL TEMPORARY STATE DIRECTORY
@ -234,7 +234,7 @@ SUBSYSLOCK=/var/run/shorewall
 # it is running
 #

-STATEDIR=/var/state/shorewall
+STATEDIR=/var/lib/shorewall

 #
 # KERNEL MODULE DIRECTORY
--- a/Lrp2/usr/share/shorewall/action.template
+++ b/Lrp2/usr/share/shorewall/action.template
@ -42,6 +42,15 @@
 #			to a separate log through use of ulogd
 #			(http://www.gnumonks.org/projects/ulogd).
 #
+#			Actions specifying logging may be followed by a
+#			log tag (a string of alphanumeric characters)
+#			are appended to the string generated by the
+#			LOGPREFIX (in /etc/shorewall/shorewall.conf).
+#
+#			Example: ACCEPT:info:ftp would include 'ftp '
+#			at the end of the log prefix generated by the
+#			LOGPREFIX setting.
+#
 #	SOURCE		Source hosts to which the rule applies. 
 #			A comma-separated list of subnets
 #			and/or hosts. Hosts may be specified by IP or MAC
--- a/Lrp2/usr/share/shorewall/firewall
+++ b/Lrp2/usr/share/shorewall/firewall
@ -87,6 +87,7 @@ startup_error() # $* = Error Message
    echo "   Error: $@" >&2
    my_mutex_off
    [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
+    rm -f /var/lib/shorewall/restore-$$
    kill $$
    exit 2
 }
@ -1213,6 +1214,9 @@ stop_firewall() {
    #
    # Turn off trace unless we were tracing "stop" or "clear"
    #
+
+    rm -f /var/lib/shorewall/restore-$$
+
    case $COMMAND in
 	stop|clear)
 	    ;;
@ -1222,8 +1226,6 @@ stop_firewall() {
 	    ;;
 	*)
 	    set +x
-	    rm -f /var/lib/shorewall/restore-$$
-
 	    if [ -f /var/lib/shorewall/restore ]; then
 		echo Restoring Shorewall...
 		. /var/lib/shorewall/restore
@ -2325,6 +2327,7 @@ check_config() {
    process_actions2

    rm -rf $TMP_DIR
+    rm -f /var/lib/shorewall/restore-$$

    echo "Configuration Validated"

@ -2722,7 +2725,7 @@ process_actions1() {
 		    case $temp in
 			ACCEPT|REJECT|DROP)
 			    eval ${temp}_common=$xaction
-			    if ! list_search $xaction $USEDACTIONS; then
+			    if [ -n "$xaction" ] && ! list_search $xaction $USEDACTIONS; then
 				USEDACTIONS="$USEDACTIONS $xaction"
 				[ $COMMAND = check ] || createactionchain $xaction
 			    fi
@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
    run_iptables -t mangle -A OUTPUT	 -j outtos
 }

-#
-# Load a Kernel Module
-#
-loadmodule() # $1 = module name, $2 - * arguments
-{
-    local modulename=$1
-    local modulefile
-    local suffix
-    moduleloader=modprobe
-
-    if ! qt which modprobe; then 
-	moduleloader=insmod
-    fi
-
-    if [ -z "$(lsmod | grep $modulename)" ]; then
-	shift
-	
-	for suffix in $MODULE_SUFFIX ; do
-	    modulefile=$MODULESDIR/${modulename}.${suffix}
-
-	    if [ -f $modulefile ]; then
-		case $moduleloader in
-		    insmod)
-			insmod $modulefile $*
-			;;
-		    *)
-			modprobe $modulename
-			;;
-		esac
-
-		return
-	    fi
-	done
-    fi
-}
-
 #
 # Display elements of a list with leading white space
 #
@ -4570,6 +4537,20 @@ load_kernel_modules() {
    if [ -f $modules -a -d $MODULESDIR ]; then
 	echo "Loading Modules..."
 	. $modules
+
+	if [ "$command" != check ]; then
+	    save_command "reload_kernel_modules <<EOF"
+
+	    while read command; do
+		case "$command" in
+		loadmodule*)
+		    save_command $command
+		    ;;
+		esac
+	    done < $modules
+	    
+	    save_command EOF
+	fi
    fi
 }

@ -5420,6 +5401,15 @@ define_firewall() # $1 = Command (Start or Restart)

    verify_os_version
    verify_ip
+
+    [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
+
+    echo '#bin/sh' > /var/lib/shorewall/restore-$$
+    echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
+
+    save_command "MODULESDIR=\"$MODULESDIR\""
+    save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
+
    load_kernel_modules

    echo "Initializing...";                    initialize_netfilter
@ -6078,8 +6068,6 @@ do_initialize() {

    rm -f $TMP_DIR/physdev

-    echo '#bin/sh' > /var/lib/shorewall/restore-$$
-    echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
 }

 #
--- a/Lrp2/usr/share/shorewall/functions
+++ b/Lrp2/usr/share/shorewall/functions
@ -162,6 +162,55 @@ separate_list() {
    echo "$newlist"
 }

+#
+# Load a Kernel Module
+#
+loadmodule() # $1 = module name, $2 - * arguments
+{
+    local modulename=$1
+    local modulefile
+    local suffix
+    moduleloader=modprobe
+
+    if ! qt which modprobe; then 
+	moduleloader=insmod
+    fi
+
+    if [ -z "$(lsmod | grep $modulename)" ]; then
+	shift
+	
+	for suffix in $MODULE_SUFFIX ; do
+	    modulefile=$MODULESDIR/${modulename}.${suffix}
+
+	    if [ -f $modulefile ]; then
+		case $moduleloader in
+		    insmod)
+			insmod $modulefile $*
+			;;
+		    *)
+			modprobe $modulename $*
+			;;
+		esac
+
+		return
+	    fi
+	done
+    fi
+}
+
+#
+# Reload the Modules
+#
+reload_kernel_modules() {
+
+    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
+
+    while read command; do 
+	eval $command
+    done
+
+}
+
 #
 # Find the zones
 #